The formal security policy model and security analysis is necessary to help Database Management System (DBMS) to attain a higher assurance level. In this paper we develop a formal security model for a DBMS enforcing multiple security policies including mandatory multilevel security policy, discretionary access control policy and role based access control policy.  A novel composition scheme of policies is introduced. And the security properties are comprehensively and accurately specified in terms of about 17 state invariants and state transition constraints. Furthermore, the security of the model is proved with the Z/EVES theorem prover.